#include "passdb.h"
#include "secrets.h"
#include "messages.h"
+#include "serverid.h"
#include "../librpc/gen_ndr/samr.h"
#include "../librpc/gen_ndr/drsblobs.h"
#include "../librpc/gen_ndr/ndr_drsblobs.h"
#include "../librpc/gen_ndr/idmap.h"
-#include "memcache.h"
+#include "../lib/util/memcache.h"
#include "nsswitch/winbind_client.h"
#include "../libcli/security/security.h"
#include "../lib/util/util_pw.h"
#include "passdb/pdb_secrets.h"
#include "lib/util_sid_passdb.h"
+#include "idmap_cache.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
initialized = True;
}
-static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
+static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
const char **name,
enum lsa_SidType *psid_name_use,
uid_t *uid, gid_t *gid);
{
struct passwd *pwd;
NTSTATUS result;
- const char *guestname = lp_guestaccount();
+ const char *guestname = lp_guest_account();
pwd = Get_Pwnam_alloc(talloc_tos(), guestname);
if (pwd == NULL) {
fstring name2;
if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
- add_script = lp_adduser_script(tmp_ctx);
+ add_script = lp_add_user_script(tmp_ctx);
} else {
- add_script = lp_addmachine_script(tmp_ctx);
+ add_script = lp_add_machine_script(tmp_ctx);
}
if (!add_script || add_script[0] == '\0') {
return -1;
}
- del_script = lp_deluser_script(talloc_tos());
+ del_script = lp_delete_user_script(talloc_tos());
if (!del_script || !*del_script) {
return -1;
}
return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
}
-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid)
+/*
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid)
{
struct pdb_methods *pdb = pdb_get_methods();
- return pdb->uid_to_sid(pdb, uid, sid);
-}
+ bool ret;
-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid)
-{
- struct pdb_methods *pdb = pdb_get_methods();
- return pdb->gid_to_sid(pdb, gid, sid);
+ ret = pdb->id_to_sid(pdb, id, sid);
+
+ if (ret) {
+ idmap_cache_set_sid2unixid(sid, id);
+ }
+
+ return ret;
}
bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id)
{
struct pdb_methods *pdb = pdb_get_methods();
+ bool ret;
/* only ask the backend if it is responsible */
if (!sid_check_object_is_for_passdb(sid)) {
return false;
}
- return pdb->sid_to_id(pdb, sid, id);
+ ret = pdb->sid_to_id(pdb, sid, id);
+
+ if (ret == true) {
+ idmap_cache_set_sid2unixid(sid, id);
+ }
+
+ return ret;
}
uint32_t pdb_capabilities(void)
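Review bot: The success test in pdb_sid_to_id is written `if (ret == true)` while the parallel new code in pdb_id_to_sid a few lines up uses `if (ret)`; comparing a bool against `true` is fragile in C and the two wrappers should use the same form, `if (ret) {`. pdb_sid_to_id also gets no header comment although pdb_id_to_sid now has one; suggest `/* Ask the backend only for SIDs it is responsible for, and record a successful answer in the idmap cache so later lookups need not hit the backend. */`. Both wrappers write the cache only on success, which is correct, but a backend that returns true while leaving `id->type` unset would still be cached as-is — worth confirming that every backend's sid_to_id sets the type before returning true.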
return true;
}
+static bool pdb_default_id_to_sid(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid)
+{
+ switch (id->type) {
+ case ID_TYPE_UID:
+ return pdb_default_uid_to_sid(methods, id->id, sid);
+
+ case ID_TYPE_GID:
+ return pdb_default_gid_to_sid(methods, id->id, sid);
+
+ default:
+ return false;
+ }
+}
/**
* The "Unix User" and "Unix Group" domains have a special
* id mapping that is a rid-algorithm with range starting at 0.
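Review bot: pdb_default_id_to_sid returns false for every `id->type` other than ID_TYPE_UID and ID_TYPE_GID, including ID_TYPE_BOTH, which the new comment on pdb_id_to_sid in this same commit says the unixid interface exists to carry; a caller gets no log line telling it why the default backend refused. Suggest a DEBUG line in the `default:` branch and a header comment such as `/* Default id_to_sid: dispatch on id->type to the legacy uid/gid mappers. ID_TYPE_BOTH and any other value are not handled here and yield false. */`. The two helpers it dispatches to are defined outside this hunk, so whether they honour the in-out contract described for pdb_id_to_sid cannot be checked from here.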
if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
const char *name;
enum lsa_SidType type;
- uid_t uid;
- gid_t gid;
+ uid_t uid = (uid_t)-1;
+ gid_t gid = (gid_t)-1;
/* Here we might have users as well as groups and aliases */
ret = lookup_global_sam_rid(mem_ctx, rid, &name, &type, &uid, &gid);
if (ret) {
id->id = uid;
break;
default:
- DEBUG(5, ("SID %s is our domain, but is not mapped to a user or group (got %d)\n",
+ DEBUG(5, ("SID %s belongs to our domain, and "
+ "an object exists in the database, "
+ "but it is neither a user nor a "
+ "group (got type %d).\n",
sid_string_dbg(sid), type));
ret = false;
}
} else {
- DEBUG(5, ("SID %s is or domain, but is unmapped\n",
+ DEBUG(5, ("SID %s belongs to our domain, but there is "
+ "no corresponding object in the database.\n",
sid_string_dbg(sid)));
}
goto done;
pass_last_set_time);
}
+NTSTATUS pdb_get_trusteddom_creds(const char *domain, TALLOC_CTX *mem_ctx,
+ struct cli_credentials **creds)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->get_trusteddom_creds(pdb, domain, mem_ctx, creds);
+}
+
bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
const struct dom_sid *sid)
{
}
+static NTSTATUS pdb_default_get_trusteddom_creds(struct pdb_methods *methods,
+ const char *domain,
+ TALLOC_CTX *mem_ctx,
+ struct cli_credentials **creds)
+{
+ *creds = NULL;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods,
const char* domain,
const char* pwd,
taiob.current.count = 1;
taiob.current.array = &aia;
unix_to_nt_time(&aia.LastUpdateTime, last_set_time);
+
aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
- aia.AuthInfo.clear.password = (uint8_t *) pwd;
aia.AuthInfo.clear.size = strlen(pwd);
+ aia.AuthInfo.clear.password = (uint8_t *)talloc_memdup(tdom, pwd,
+ aia.AuthInfo.clear.size);
+ SAFE_FREE(pwd);
+ if (aia.AuthInfo.clear.password == NULL) {
+ talloc_free(tdom);
+ return NT_STATUS_NO_MEMORY;
+ }
+
taiob.previous.count = 0;
taiob.previous.array = NULL;
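Review bot: The cleartext trust password in `pwd` is released with `SAFE_FREE(pwd)` without being overwritten first, so the plaintext remains in freed heap memory; `pwd` appears to be a malloc'd buffer obtained earlier in this function (outside the hunk), so scrub it with a clear the compiler cannot elide before freeing, e.g. `explicit_bzero(pwd, aia.AuthInfo.clear.size);` (or whichever non-elidable scrub helper the tree provides) followed by `SAFE_FREE(pwd);`. The talloc_memdup copy is also plaintext and lives as long as `tdom`, which the caller now owns, and because it is exactly `size` bytes it is not NUL-terminated — consumers must rely on `aia.AuthInfo.clear.size`, never on string functions. Freeing `pwd` before the NULL check on the copy is fine since `pwd` is not needed afterwards, but a short comment saying so would save the next reader the same question. The enclosing function starts and ends outside this hunk.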
return true;
}
+static bool pdb_default_is_responsible_for_everything_else(
+ struct pdb_methods *methods)
+{
+ return false;
+}
+
bool pdb_is_responsible_for_our_sam(void)
{
struct pdb_methods *pdb = pdb_get_methods();
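Review bot: Neither pdb_default_is_responsible_for_everything_else nor its public wrapper pdb_is_responsible_for_everything_else (next hunk) says what "everything else" covers, while the sibling predicates are at least named after unix users and groups, so a reader cannot tell which lookups this flag gates. Suggest a comment on the default, e.g. `/* Default backends answer only for unix users/groups and their own SAM; a backend that is authoritative for all other SIDs overrides this to return true. */`, and the same one-liner on the wrapper. The exact set of lookups gated by this predicate is decided by callers not visible here, so the wording should be checked against them.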
return pdb->is_responsible_for_unix_groups(pdb);
}
+bool pdb_is_responsible_for_everything_else(void)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->is_responsible_for_everything_else(pdb);
+}
+
/*******************************************************************
secret methods
*******************************************************************/
(*methods)->get_account_policy = pdb_default_get_account_policy;
(*methods)->set_account_policy = pdb_default_set_account_policy;
(*methods)->get_seq_num = pdb_default_get_seq_num;
- (*methods)->uid_to_sid = pdb_default_uid_to_sid;
- (*methods)->gid_to_sid = pdb_default_gid_to_sid;
+ (*methods)->id_to_sid = pdb_default_id_to_sid;
(*methods)->sid_to_id = pdb_default_sid_to_id;
(*methods)->search_groups = pdb_default_search_groups;
(*methods)->search_aliases = pdb_default_search_aliases;
(*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
+ (*methods)->get_trusteddom_creds = pdb_default_get_trusteddom_creds;
(*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
(*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
(*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
pdb_default_is_responsible_for_unix_users;
(*methods)->is_responsible_for_unix_groups =
pdb_default_is_responsible_for_unix_groups;
+ (*methods)->is_responsible_for_everything_else =
+ pdb_default_is_responsible_for_everything_else;
return NT_STATUS_OK;
}